52 matches found
Design/Logic Flaw
Jenkins Configuration as Code Plugin 1.24 and earlier did not properly apply masking to values expected to be hidden when logging the configuration being applied...
Design/Logic Flaw
Missing permission checks in Jenkins Configuration as Code Plugin 1.24 and earlier in various HTTP endpoints allowed users with Overall/Read access to access the generated schema and documentation for this plugin containing detailed information about installed plugins...
CVE-2019-10344
CVE-2019-10344 affects Jenkins Configuration as Code Plugin (versions 1.24 and earlier). The issue is missing permission checks on various HTTP endpoints, allowing users with Overall/Read access to access the generated schema and documentation for the plugin, which contains detailed information a...
CVE-2019-10363
The CVE-2019-10363 issue affects Jenkins Configuration as Code Plugin versions 1.24 and earlier, where the plugin did not reliably identify sensitive values in the YAML export as encrypted, enabling potential exposure of credentials. The root cause is tied to handling of the Secret type when expo...
CVE-2019-10363
Jenkins Configuration as Code Plugin 1.24 and earlier did not reliably identify sensitive values expected to be exported in their encrypted form...
CVE-2019-10343
The CVE-2019-10343 entry concerns Jenkins Configuration as Code Plugin (versions 1.24 and earlier) where masking was not applied to values that should be hidden when logging the configuration being applied. Connected records (Red Hat and OSV attestations) reiterate that an incomplete fix in 1.26 ...
CVE-2019-10343
Jenkins Configuration as Code Plugin 1.24 and earlier did not properly apply masking to values expected to be hidden when logging the configuration being applied...
CVE-2018-1000610
An exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java, ExtensionConfigurator.java that allows attackers with access to Jenkins log files to obtain the passwords...
CVE-2018-1000610
The CVE-2018-1000610 entry concerns the Jenkins Configuration as Code Plugin (0.7-alpha and earlier). The vulnerability arises from insecure handling of passwords configured via the plugin, specifically in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java, and ExtensionConfigurato...
CVE-2018-1000609
The CVE-2018-1000609 issue affects Jenkins Configuration as Code Plugin (0.7-alpha and earlier). The vulnerability arises from ConfigurationAsCode.java, allowing users with Overall/Read access to export the Jenkins YAML configuration, exposing sensitive information. Impact is exposure of configur...
JVN#01040170: WordPress plugin "WP Google Map Plugin" vulnerable to cross-site scripting
The WordPress plugin "WP Google Map Plugin" provided by Flipper Code contains a reflected cross-site scripting vulnerability (CWE-79). Impact: An arbitrary script may be executed on a logged-in user's web browser. Solution: Update the plugin. Update the plugin according to the information provided by...